eFPE: Design, Implementation, and Evaluation of a Lightweight Format-Preserving Encryption Algorithm for Embedded Systems

TL;DR

This paper presents eFPE, a lightweight, format-preserving encryption algorithm tailored for resource-limited embedded systems, combining efficiency, security, and direct encryption of data formats without padding.

Contribution

Introduces eFPE, an 8-round Feistel cipher with a novel lightweight PRF designed for embedded systems, enabling secure format-preserving encryption with minimal resource usage.

Findings

eFPE achieves a small firmware footprint suitable for embedded devices.

The algorithm provides IND-CCA2 security under standard assumptions.

eFPE efficiently encrypts data formats without padding or complex conversions.

Abstract

Resource-constrained embedded systems demand secure yet lightweight data protection, particularly when data formats must be preserved. This paper introduces eFPE (Enhanced Format-Preserving Encryption), an 8-round Feistel cipher featuring a "novel lightweight Pseudorandom Function (PRF)" specifically designed for this domain. The PRF, architected with an efficient two-iteration structure of AES-inspired operations (byte-substitution, keyed XOR, and byte-rotation), underpins eFPE's ability to directly encrypt even-length decimal strings without padding or complex conversions, while aiming for IND-CCA2 security under standard assumptions. Implemented and evaluated on an ARM7TDMI LPC2148 microcontroller using Keil {\mu}Vision 4, eFPE demonstrates the efficacy of its targeted design: a total firmware Read-Only Memory (ROM) footprint of 4.73 kB and Random Access Memory (RAM) usage of 1.34 kB. The core eFPE algorithm module itself is notably compact, requiring only 3.55 kB ROM and 116 B RAM. These characteristics make eFPE a distinct and highly suitable solution for applications like financial terminals, medical sensors, and industrial IoT devices where data format integrity, minimal resource footprint, and low operational latency are paramount.